Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,452 vulnerabilities with CWE-306

CVE-2019-10121 CRITICAL

eQ-3 HomeMatic CCU2 <2.41.8 & CCU3 <3.43.15 - Auth Bypass

CVE-2019-10119 CRITICAL

eQ-3 HomeMatic CCU2 <2.41.8 & CCU3 <3.43.16 - Auth Bypass

CVE-2019-13338 HIGH

WESEEK GROWI < 3.5.0 - Unauthenticated Password Hash Exposure via Page Metadata API

CVE-2019-11020 HIGH

DDRT Dashcom Live 2019-05-09 - Unauthenticated Arbitrary File Access via Dashboard Uploads Endpoint

CVE-2019-11019 HIGH

DDRT Dashcom Live < 2019-05-08 - Unauthenticated Information Disclosure via Export Endpoint

CVE-2019-12174 HIGH

hide.me <2.4.4 - Privilege Escalation

CVE-2019-13344 MEDIUM

CRUDLab WP Like Button <= 1.6.0 - Unauthenticated Settings Update via contains() Function

CVE-2019-13131 CRITICAL

Supermicro SuperDoctor 5 - Remote Code Execution via NRPE

CVE-2019-4337 MEDIUM

IBM Robotic Process Automation with Automation Anywhere 11 - Info D...

CVE-2019-12919 MEDIUM

Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 - Unauthenticated SD Card Access via HTTP Service

CVE-2019-1897 MEDIUM

Cisco RV110W, RV130W, RV215W - DoS

CVE-2019-1876 MEDIUM

Cisco Wide Area Application Services - Unauthenticated HTTPS Proxy Access via Central Manager

CVE-2019-1631 MEDIUM

Cisco Integrated Management Controller - Unauthenticated Sensitive Information Exposure via Web Interface

CVE-2019-1629 MEDIUM

Cisco Integrated Management Controller - Unauthenticated Arbitrary File Write via Configuration Import Utility

CVE-2019-12890 CRITICAL

RedwoodHQ 2.5.5 - Unauthenticated Admin User Creation via Database Insert Operation

CVE-2019-0312 MEDIUM

SAP NetWeaver Process Integration - Unauthenticated Information Disclosure via Unprotected Web Pages

CVE-2019-3411 HIGH

ZTE MF920 Firmware <= BD_R218V2.4 - Unauthenticated Information Disclosure via WebUI Password Retrieval

CVE-2019-9881 MEDIUM

WPGraphQL 0.2.3 - Unauthenticated Comment Posting via createComment Mutation

CVE-2019-9880 CRITICAL

WPGraphQL 0.2.3 - Unauthenticated Information Disclosure via Users RootQuery

CVE-2019-9879 CRITICAL

WPGraphQL 0.2.3 - Unauthenticated User Registration with Admin Privileges via registerUser Mutation

CVE-2019-12506 HIGH

Logitech R700 Laser Presentation Remote Firmware - Keystroke Injection via Unencrypted Communication

CVE-2019-12505 HIGH

Inateck WP1001 Firmware v1.3C - Keystroke Injection via Unencrypted Communication

CVE-2019-11523 CRITICAL

Anviz Global M3 Outdoor RFID Access Control - Command Injection

CVE-2019-6451 HIGH

SOYAL AR-727H and AR-829Ev5 Firmware - Unauthenticated Access to CGI Programs

CVE-2019-9105 HIGH

SAET TEBE Small Firmware WebApp v04.68 - Unauthenticated API Access via REST_API.php

Previous Page 90 of 99 Next

Details

Vulnerabilities 2,452

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy